On Sun, Jan 28, 2007 at 12:47:18PM -0500, Thor Lancelot Simon wrote:

> > Wouldn't the old root also (until it actually expires) verify any
> > certificates signed by the new root? If so, why does a server need to
> > send the new root? So long as the recipient has either the new or the
> > old root, the chain will be valid.
> 
> That doesn't make sense to me -- the end-of-chain (server or client)
> certificate won't be signed by _both_ the old and new root, I wouldn't
> think (does x.509 even make this possible)?
>
> Or do I misunderstand?

The key extra information is that old and new roots share the same issuer
and subject DNs and public key, only the start/expiration dates differ,
so in the overlap when both are valid, they are interchangeable, both
verify the same (singly-signed) certs. What I don't understand is how
the old (finally expired) root helps to validate the new unexpired root,
when a verifier has the old root and the server presents the new root
in its trust chain.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
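
The following is an added example, not part of the original message or thread. It uses the `openssl` command line to build an "old" and a "new" root that share one key and DN but differ in expiry, and checks which of them verifies a singly-signed leaf, both inside the overlap and 60 days later. All names, DNs and lifetimes are constructed for illustration.

```sh
#!/bin/sh
# Added example; every name, DN and lifetime below is constructed for illustration.
set -eu
work=$(mktemp -d) && cd "$work"
trap 'rm -rf "$work"' EXIT
DN="/O=Example Org/CN=Example Root CA"

# Self-signed root: $1 = key file, $2 = lifetime in days, $3 = output cert.
mkroot() { openssl req -x509 -new -key "$1" -subj "$DN" -days "$2" -out "$3" 2>/dev/null; }

openssl genrsa -out root.key 2048 2>/dev/null
openssl genrsa -out other.key 2048 2>/dev/null
openssl genrsa -out leaf.key 2048 2>/dev/null

mkroot root.key 30 old_root.pem       # "old" root, expires soon
mkroot root.key 3650 new_root.pem     # "new" root: same DN, same key, later expiry
mkroot other.key 3650 other_root.pem  # control: same DN, different key

# One leaf carrying a single signature made with root.key.
openssl req -new -key leaf.key -subj "/O=Example Org/CN=server.example" \
    -out leaf.csr 2>/dev/null
openssl x509 -req -in leaf.csr -CA new_root.pem -CAkey root.key \
    -set_serial 1 -days 365 -out leaf.pem 2>/dev/null

# Succeeds if leaf.pem verifies with $1 as the only supplied trust anchor.
# Optional $2 = number of days from now at which validity is evaluated.
verifies() {
    when=$(( $(date +%s) + ${2:-0} * 86400 ))
    openssl verify -attime "$when" -CAfile "$1" leaf.pem >/dev/null 2>&1
}

# SHA-256 over the certificate's public key, to compare the roots' keys.
keyhash() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256; }

report() {
    if verifies "$@"; then r=OK; else r=FAIL; fi
    echo "$1 at +${2:-0}d: $r"
}

echo "old root key: $(keyhash old_root.pem)"
echo "new root key: $(keyhash new_root.pem)"
report old_root.pem        # inside the overlap
report new_root.pem
report other_root.pem      # DN matches, signature does not
report old_root.pem 60     # evaluated after the old root's notAfter
report new_root.pem 60
```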
